Report - ssdroidnotificationcl.biz

Report Overview

Visitedpublic

2025-07-14 17:24:09

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xml-v4.trackifyy.com	unknown	2023-12-04	2024-07-05	2025-05-29	1.7 kB	509 B	173.239.53.20
net.geo.opera.com	256136	1999-04-14	2014-05-12	2025-07-11	606 B	2.7 MB	185.26.182.111
router.parklogic.com	unknown	2007-02-28	2025-03-19	2025-07-13	520 B	201 B	172.234.216.100
xmlclick.adcannyxml.com	unknown	2020-03-23	2022-03-04	2025-06-28	632 B	13 kB	23.226.122.79
filter.trackifyy.com	unknown	2023-12-04	2025-07-14	2025-07-14	609 B	13 kB	173.239.53.20
errippleshiswash.com	unknown	unknown	No data	No data	618 B	1.6 kB	104.21.84.146
ssdroidnotificationcl.biz	unknown	2024-01-31	2024-02-17	2025-06-27	951 B	5.3 kB	172.233.219.78
click-v4.junclikrmedi.com	unknown	2024-12-18	2025-07-03	2025-07-10	1.1 kB	27 kB	198.134.116.17

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-14	medium	ssdroidnotificationcl.biz	Sinkholed

ThreatFox

No alerts detected

File detected

URL

net.geo.opera.com/opera/stable/windows?utm_source=admaven&utm_medium=apb&utm_campaign=popup&utm_content=1199742&utm_id=6658588536397025818

IP / ASN

185.26.182.111

#39832 Opera Norway AS

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Size2.7 MB (2652984 bytes)

MD50fb66f9deb03b316ad1b6798d0a46de4

SHA1457840829effa1fced93e63e13d5a7f6164be9b9

SHA256cb94ac351c0d0b1736902f91fc1b20136d7d3233f30e1f159bb0de4a042856ae

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	ssdroidnotificationcl.biz/	ScriptElement	4.3 kB	2025-07-14	2025-07-14
URL ssdroidnotificationcl.biz/ IP / ASN 172.233.219.78 #63949 Akamai Connected Cloud Introduced by ScriptElement Embedded true Resource Info First Seen 2025-07-14 Last Seen 2025-07-14 Times Seen 1 Size 4.3 kB (4335 bytes) MD5 a986857c35b79ecb5f86f6e88532916e SHA1 83555f23b1e9d56f2860de58d6134965c5308a8a SHA256 76a6d7faec380360890d03dd6b32a43b80786d1b98235768ce44fc51ba6fb350 Format Code Loading...

	filter.trackifyy.com/filter?q=email+list&i=3-bEFXHFED0_0&ci=-8798162047562749180&t=474483375&h=1	EventHandler	17 B	2023-04-20	2025-08-02
URL filter.trackifyy.com/filter?q=email+list&i=3-bEFXHFED0_0&ci=-8798162047562749180&t=474483375&h=1 IP / ASN 173.239.53.20 #27257 WEBAIR-INTERNET Introduced by EventHandler Embedded false Resource Info First Seen 2023-04-20 Last Seen 2025-08-02 Times Seen 942 Size 17 B (17 bytes) MD5 56f2e798b912606f085d36f4927629c4 SHA1 1b3407d3895ab71d08daa9f19e216a8ba79f6394 SHA256 229b43e4b5960428f468c286c539416a8729af10cb0387b28a29da78b4fc66db Format Code Loading...

	filter.trackifyy.com/filter?q=email+list&i=3-bEFXHFED0_0&ci=-8798162047562749180&t=474483375&h=1	ScriptElement	11 kB	2025-07-14	2025-07-14
URL filter.trackifyy.com/filter?q=email+list&i=3-bEFXHFED0_0&ci=-8798162047562749180&t=474483375&h=1 IP / ASN 173.239.53.20 #27257 WEBAIR-INTERNET Introduced by ScriptElement Embedded true Resource Info First Seen 2025-07-14 Last Seen 2025-07-14 Times Seen 1 Size 11 kB (11222 bytes) MD5 b1e8aa4a68e511ac1c6711147fb6c4d7 SHA1 5b27bc933e48dc63e9a52505fc4122092fd11b18 SHA256 5c6885169b2b0b73599eb42d53d7b453a2810cb749dc14c6e548154e75f54fdb Format Code Loading...

	errippleshiswash.com/?x50Eo=1199742	ScriptElement	177 B	2025-07-14	2025-07-14
URL errippleshiswash.com/?x50Eo=1199742 IP / ASN 104.21.84.146 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2025-07-14 Last Seen 2025-07-14 Times Seen 1 Size 177 B (177 bytes) MD5 ba248415314a5b011e677afeb5e71ed8 SHA1 c82a5f1f98d9fca201739143539761fa1e8c2f6c SHA256 aa06ebaa0094af35753d4dacc199269953bc62849aa4b7da7529a555ef0049c6 Format Code Loading...

HTTP Transactions (10)

URL IP Response Size

GET xmlclick.adcannyxml.com/nrtb/click?bid=05K6Y5hvBVoUlNfLGeAia9Yr1AV9Gjfz2uetoam3dqx90n3DUN3vtOwpKaaQYcdt_0_9-10468-10891

23.226.122.79

302 Found

13 kB

URL

xmlclick.adcannyxml.com/nrtb/click?bid=05K6Y5hvBVoUlNfLGeAia9Yr1AV9Gjfz2uetoam3dqx90n3DUN3vtOwpKaaQYcdt_0_9-10468-10891

IP / ASN

23.226.122.79

#29802 HVC-AS

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size13 kB (13009 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerUnizeto Technologies S.A.

Subject*.adcannyxml.com

Fingerprint5D:6C:19:2C:EA:39:F1:C4:40:33:0A:18:D1:0E:BC:D7:55:F2:F5:4D

ValidityWed, 26 Feb 2025 13:12:29 GMT - Thu, 26 Feb 2026 13:12:28 GMT

HTTP Headers

GET /nrtb/click?bid=05K6Y5hvBVoUlNfLGeAia9Yr1AV9Gjfz2uetoam3dqx90n3DUN3vtOwpKaaQYcdt_0_9-10468-10891 HTTP/1.1
Host: xmlclick.adcannyxml.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ssdroidnotificationcl.biz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx/1.18.0 (Ubuntu)
date: Mon, 14 Jul 2025 17:23:50 GMT
content-type: text/html; charset=utf-8
content-length: 78
location: https://click-v4.junclikrmedi.com/click?i=rdDEBQ8bbvg_0
X-Firefox-Spdy: h2

GET filter.trackifyy.com/filter?q=email+list&i=3-bEFXHFED0_0&ci=-8798162047562749180&t=474483375&h=1

173.239.53.20

200 OK

13 kB

URL

filter.trackifyy.com/filter?q=email+list&i=3-bEFXHFED0_0&ci=-8798162047562749180&t=474483375&h=1

IP / ASN

173.239.53.20

#27257 WEBAIR-INTERNET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (594)

First Seen2025-07-14

Last Seen2025-07-14

Times Seen1

Size13 kB (13009 bytes)

MD5c45517dcbd623eb3694606d1a0b541b9

SHA108f01e90a8859fa67346b46c34cd0553ce2ac401

SHA256278495f96844dc3d64490969d3ca1ad1dcd789881b7b6651b4246006f9b4bbb2

Certificate Info

IssuerLet's Encrypt

Subjecttrackifyy.com

Fingerprint3E:62:3F:55:05:4E:FF:44:88:20:26:75:89:93:D7:6D:18:DC:D8:AA

ValiditySat, 28 Jun 2025 07:07:28 GMT - Fri, 26 Sep 2025 07:07:27 GMT

HTTP Headers

GET /filter?q=email+list&i=3-bEFXHFED0_0&ci=-8798162047562749180&t=474483375&h=1 HTTP/1.1
Host: filter.trackifyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ssdroidnotificationcl.biz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 14 Jul 2025 17:23:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13009
Connection: keep-alive
Cache-Control: no-store
Set-Cookie: c-1737361563=1374286901
x103095791=1374286901; Domain=.trackifyy.com
Referrer-Policy: unsafe-url

GET errippleshiswash.com/?x50Eo=1199742

104.21.84.146

200 OK

312 B

URL

errippleshiswash.com/?x50Eo=1199742

IP / ASN

104.21.84.146

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2025-07-14

Last Seen2025-07-14

Times Seen1

Size312 B (312 bytes)

MD5151a5b73864b3aa3af9771f993468e50

SHA1b2127dbea320c57e29e9e2230a60e11ec16b4902

SHA256b2c75c2877a8d283a4c84c6f2ddcbd5f9ecf07e86d1664e2fa8e08c9c3704df1

Certificate Info

IssuerGoogle Trust Services

Subjecterrippleshiswash.com

FingerprintF8:32:E5:95:76:F3:F1:C1:03:05:D4:11:D3:66:55:90:17:CD:60:2D

ValidityWed, 11 Jun 2025 10:12:24 GMT - Tue, 09 Sep 2025 11:11:08 GMT

HTTP Headers

GET /?x50Eo=1199742 HTTP/1.1
Host: errippleshiswash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://filter.trackifyy.com/filter?q=email+list&i=3-bEFXHFED0_0&ci=-8798162047562749180&t=474483375&h=1
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 14 Jul 2025 17:23:53 GMT
content-type: text/html
content-length: 250
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
server: cloudflare
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cXegrXUFIKA%2BohgfHRXRskZ2utKHMq9ZYWbuoANUgLO0NuQy8UKshEC01NJElZ9q3FPlFemS%2BQ1oOUsIZpJRPKM6oRJeUosM6n1B7ZlsUR7uwg%3D%3D"}]}
set-cookie: AWSALB=1QoO+c3CQI2X5ZuSb8YlYSfSTMtvlwJGweVj/4q6mUZSiLbuCMyBDLd5LagTJ1yrgYFz9dG/5P/64nB0lFWssqku9/y8JL1l/OvxdA17eArZsboG7i1ztM8dNPPA; Path=/; Expires=Mon, 21 Jul 2025 17:23:52 GMT
AWSALBCORS=1QoO+c3CQI2X5ZuSb8YlYSfSTMtvlwJGweVj/4q6mUZSiLbuCMyBDLd5LagTJ1yrgYFz9dG/5P/64nB0lFWssqku9/y8JL1l/OvxdA17eArZsboG7i1ztM8dNPPA; SameSite=None; Secure; Path=/; Expires=Mon, 21 Jul 2025 17:23:52 GMT
csu=2cee200a-9a37-4b79-804f-46e5bce99ca7
cf-ray: 95f2b5ddcdfd7129-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ssdroidnotificationcl.biz/

172.233.219.78

200 OK

4.4 kB

URL

ssdroidnotificationcl.biz/

IP / ASN

172.233.219.78

#63949 Akamai Connected Cloud

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (4430), with no line terminators

First Seen2025-07-14

Last Seen2025-07-14

Times Seen1

Size4.4 kB (4430 bytes)

MD51d6362c7151d1442e0711bcf14da9471

SHA1c054a2011cf9ce7356d9cc9938572e200e9aad88

SHA256d75dc2bf6843af04a534f89cf904bfdad8cbda74268acca5aba2eb3f149e1495

Certificate Info

IssuerLet's Encrypt

Subjectssdroidnotificationcl.biz

FingerprintFB:B8:D0:4F:B5:BB:69:6A:39:38:E2:23:FB:19:06:3A:C8:C4:93:59

ValidityMon, 02 Jun 2025 20:38:00 GMT - Sun, 31 Aug 2025 20:37:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: ssdroidnotificationcl.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 14 Jul 2025 17:23:48 GMT
content-type: text/html
cache-control: no-store, max-age=0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
permissions-policy: ch-ua=(self "https://*.parklogic.com"), ch-ua-arch=(self "https://*.parklogic.com"), ch-ua-bitness=(self "https://*.parklogic.com"), ch-ua-full-version=(self "https://*.parklogic.com"), ch-ua-full-version-list=(self "https://*.parklogic.com"), ch-ua-mobile=(self "https://*.parklogic.com"), ch-ua-model=(self "https://*.parklogic.com"), ch-ua-platform=(self "https://*.parklogic.com"), ch-ua-platform-version=(self "https://*.parklogic.com"), ch-ua-wow64=(self "https://*.parklogic.com")
content-encoding: gzip
X-Firefox-Spdy: h2

GET click-v4.junclikrmedi.com/click?i=Qf9taepBjGE_0

198.134.116.17

302 Found

13 kB

URL

click-v4.junclikrmedi.com/click?i=Qf9taepBjGE_0

IP / ASN

198.134.116.17

#27257 WEBAIR-INTERNET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size13 kB (13009 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectjunclikrmedi.com

Fingerprint64:D5:CC:E5:9A:9E:86:29:63:D1:99:53:B6:AA:7E:0D:72:94:11:54

ValidityTue, 17 Jun 2025 06:46:03 GMT - Mon, 15 Sep 2025 06:46:02 GMT

HTTP Headers

GET /click?i=Qf9taepBjGE_0 HTTP/1.1
Host: click-v4.junclikrmedi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ssdroidnotificationcl.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 14 Jul 2025 17:23:50 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://xmlclick.adcannyxml.com/nrtb/click?bid=05K6Y5hvBVoUlNfLGeAia9Yr1AV9Gjfz2uetoam3dqx90n3DUN3vtOwpKaaQYcdt_0_9-10468-10891

GET click-v4.junclikrmedi.com/click?i=rdDEBQ8bbvg_0

198.134.116.17

302 Found

13 kB

URL

click-v4.junclikrmedi.com/click?i=rdDEBQ8bbvg_0

IP / ASN

198.134.116.17

#27257 WEBAIR-INTERNET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size13 kB (13009 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectjunclikrmedi.com

Fingerprint64:D5:CC:E5:9A:9E:86:29:63:D1:99:53:B6:AA:7E:0D:72:94:11:54

ValidityTue, 17 Jun 2025 06:46:03 GMT - Mon, 15 Sep 2025 06:46:02 GMT

HTTP Headers

GET /click?i=rdDEBQ8bbvg_0 HTTP/1.1
Host: click-v4.junclikrmedi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ssdroidnotificationcl.biz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 14 Jul 2025 17:23:50 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Set-Cookie: x103095791=1374286901; Domain=.trackifyy.com
Location: https://filter.trackifyy.com/filter?q=email+list&i=3-bEFXHFED0_0&ci=-8798162047562749180&t=474483375&h=1

GET xml-v4.trackifyy.com/click2?i=3-bEFXHFED0_0&ci=-8798162047562749180&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x1024%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D9590%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D2%26rf%3Dssdroidnotificationcl.biz%26lo%3Dfilter.trackifyy.com%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A134.0%29%2BGecko%252F20100101%2BFirefox%252F134.0%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D0%26frc%3D0%26dbt%3D0%26prb%3D20100101%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3DLinux%2Bx86_64%26hwc%3D48%26hrl%3D%26acd%3Dpmpmm%26vcd%3Dppp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1280x1024%26wout%3D1280x1024%26wpof%3D0x0%26bcld%3D1264x19%26scrp%3D0x0%26scrad%3D1280x1024%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D55%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3DMesa%26vrd%3Dllvmpipe%26pnt%3Dprompt%26cnvs%3D7f7f7f80%26mmd_ao%3D0%26mmd_ai%3D0%26mmd_vi%3D0

173.239.53.20

302 Found

312 B

URL

xml-v4.trackifyy.com/click2?i=3-bEFXHFED0_0&ci=-8798162047562749180&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x1024%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D9590%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D2%26rf%3Dssdroidnotificationcl.biz%26lo%3Dfilter.trackifyy.com%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A134.0%29%2BGecko%252F20100101%2BFirefox%252F134.0%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D0%26frc%3D0%26dbt%3D0%26prb%3D20100101%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3DLinux%2Bx86_64%26hwc%3D48%26hrl%3D%26acd%3Dpmpmm%26vcd%3Dppp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1280x1024%26wout%3D1280x1024%26wpof%3D0x0%26bcld%3D1264x19%26scrp%3D0x0%26scrad%3D1280x1024%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D55%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3DMesa%26vrd%3Dllvmpipe%26pnt%3Dprompt%26cnvs%3D7f7f7f80%26mmd_ao%3D0%26mmd_ai%3D0%26mmd_vi%3D0

IP / ASN

173.239.53.20

#27257 WEBAIR-INTERNET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size312 B (312 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjecttrackifyy.com

Fingerprint3E:62:3F:55:05:4E:FF:44:88:20:26:75:89:93:D7:6D:18:DC:D8:AA

ValiditySat, 28 Jun 2025 07:07:28 GMT - Fri, 26 Sep 2025 07:07:27 GMT

HTTP Headers

GET /click2?i=3-bEFXHFED0_0&ci=-8798162047562749180&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x1024%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D9590%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D2%26rf%3Dssdroidnotificationcl.biz%26lo%3Dfilter.trackifyy.com%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A134.0%29%2BGecko%252F20100101%2BFirefox%252F134.0%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D0%26frc%3D0%26dbt%3D0%26prb%3D20100101%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3DLinux%2Bx86_64%26hwc%3D48%26hrl%3D%26acd%3Dpmpmm%26vcd%3Dppp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1280x1024%26wout%3D1280x1024%26wpof%3D0x0%26bcld%3D1264x19%26scrp%3D0x0%26scrad%3D1280x1024%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D55%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3DMesa%26vrd%3Dllvmpipe%26pnt%3Dprompt%26cnvs%3D7f7f7f80%26mmd_ao%3D0%26mmd_ai%3D0%26mmd_vi%3D0 HTTP/1.1
Host: xml-v4.trackifyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://filter.trackifyy.com/filter?q=email+list&i=3-bEFXHFED0_0&ci=-8798162047562749180&t=474483375&h=1
DNT: 1
Connection: keep-alive
Cookie: x103095791=1374286901
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 14 Jul 2025 17:23:52 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://errippleshiswash.com/?x50Eo=1199742

GET net.geo.opera.com/opera/stable/windows?utm_source=admaven&utm_medium=apb&utm_campaign=popup&utm_content=1199742&utm_id=6658588536397025818

185.26.182.111

200 OK

2.7 MB

URL

net.geo.opera.com/opera/stable/windows?utm_source=admaven&utm_medium=apb&utm_campaign=popup&utm_content=1199742&utm_id=6658588536397025818

IP / ASN

185.26.182.111

#39832 Opera Norway AS

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

First Seen2025-07-14

Last Seen2025-07-14

Times Seen1

Size2.7 MB (2652984 bytes)

MD50fb66f9deb03b316ad1b6798d0a46de4

SHA1457840829effa1fced93e63e13d5a7f6164be9b9

SHA256cb94ac351c0d0b1736902f91fc1b20136d7d3233f30e1f159bb0de4a042856ae

Certificate Info

IssuerDigiCert Inc

Subjectnet.geo.opera.com

Fingerprint6A:72:B6:52:10:D2:8D:4D:EE:7D:88:08:A2:02:82:48:C1:B9:DA:53

ValidityMon, 03 Mar 2025 00:00:00 GMT - Fri, 13 Mar 2026 23:59:59 GMT

HTTP Headers

GET /opera/stable/windows?utm_source=admaven&utm_medium=apb&utm_campaign=popup&utm_content=1199742&utm_id=6658588536397025818 HTTP/1.1
Host: net.geo.opera.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 14 Jul 2025 17:23:53 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Content-Disposition: attachment; filename=OperaSetup.exe
ETag: W/"0fb66f9deb03b316ad1b6798d0a46de4"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET ssdroidnotificationcl.biz/favicon.ico

0.0.0.0

0 B

URL

ssdroidnotificationcl.biz/favicon.ico

IP / ASN

0.0.0.0

Requested byhttps://ssdroidnotificationcl.biz/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectssdroidnotificationcl.biz

FingerprintFB:B8:D0:4F:B5:BB:69:6A:39:38:E2:23:FB:19:06:3A:C8:C4:93:59

ValidityMon, 02 Jun 2025 20:38:00 GMT - Sun, 31 Aug 2025 20:37:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ssdroidnotificationcl.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ssdroidnotificationcl.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

POST router.parklogic.com/

172.234.216.100

200 OK

55 B

URL

router.parklogic.com/

IP / ASN

172.234.216.100

#63949 Akamai Connected Cloud

Requested byhttps://ssdroidnotificationcl.biz/

Resource Info

File typeASCII text, with no line terminators

First Seen2025-07-14

Last Seen2025-07-14

Times Seen1

Size55 B (55 bytes)

MD58c330b6f200dddcd8d5d7f27c82b3797

SHA163427784cfa06492636f084a2603611b334d9152

SHA2564a2077da8b7cfce15c6780f0d9ea178711116bd076821b55af538f822a1470ae

Certificate Info

IssuerLet's Encrypt

Subjectrouter-lb01.parklogic.com

Fingerprint85:E3:F4:EB:CD:63:9B:0A:3D:3A:5F:C3:4A:6C:65:01:DB:CA:C3:9C

ValiditySat, 28 Jun 2025 21:31:25 GMT - Fri, 26 Sep 2025 21:31:24 GMT

HTTP Headers

POST / HTTP/1.1
Host: router.parklogic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 455
Origin: https://ssdroidnotificationcl.biz
DNT: 1
Connection: keep-alive
Referer: https://ssdroidnotificationcl.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 14 Jul 2025 17:23:49 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
X-Firefox-Spdy: h2